CVE: CVE-2026-13500 | CVSS 3.1: 7.3 (HIGH) | CWE: Code Injection | Vendor: ANTLR / Terence Parr | Product: ANTLR4 through version 4.13.2 | Component: Grammar Action Block Handler (OutputFile.java)
What Is the Vulnerability
ANTLR4 (ANother Tool for Language Recognition) is one of the most widely used parser generators in software development. It converts grammar definitions — formal descriptions of language syntax — into lexer and parser code in Java, C#, Python, JavaScript, Go, C++, Swift, and other languages. ANTLR4 is embedded in thousands of compilers, linters, code formatters, SQL parsers, and domain-specific language tools.
The vulnerability exists in the grammar action block handler — the component that processes user-defined code blocks embedded within ANTLR4 grammar files. These action blocks allow grammar authors to insert custom code that executes when specific parser rules are matched. The handler in OutputFile.java does not properly sanitize or isolate these action blocks during the code generation phase. An attacker who can supply or modify an ANTLR4 grammar file can inject arbitrary code into the generated parser that executes during code generation — before the parser is even compiled. This is a code injection vulnerability in the development toolchain itself.
The attack vector requires an attacker to influence a grammar file processed by ANTLR4. This could occur through: malicious pull requests to projects that include ANTLR4 grammars, dependency confusion attacks where a malicious grammar package is substituted for a legitimate one, or supply chain compromise of grammar repositories. A public exploit is available.
Versions Affected
- ANTLR4 versions through 4.13.2
- All language targets (Java, C#, Python, JavaScript, Go, C++, Swift, etc.) are affected — the vulnerability is in the core code generator, not a language-specific runtime
- Any project that generates code from ANTLR4 grammars sourced from external or untrusted origins
Exploited?
Public exploit available. No confirmed active exploitation in the wild. The CVSS 7.3 reflects the indirect attack path — an attacker needs to influence a grammar file — but the exploit is publicly available and ANTLR4’s central position in the compiler toolchain makes this a developer-tool supply chain concern. The vendor was contacted and a fix is expected.
Fix
At the time of this advisory, the vendor has been notified and a patched version of ANTLR4 (beyond 4.13.2) is expected. Monitor the ANTLR4 GitHub repository for the patched release.
- Primary fix (pending): Upgrade ANTLR4 to the patched version when released
- Workaround: Do not generate code from untrusted grammar files. Review grammar files from external sources before processing through ANTLR4
- CI/CD: If your build pipeline generates code from grammars, ensure generated code is reviewed before compilation — do not blindly trust the output of the code generator
Recommendations
- Audit grammar sourcing. Inventory all ANTLR4 grammar files used across your codebase. Identify which grammars originate from external sources, dependencies, or community repositories.
- Review code generation pipelines. If your CI/CD pipeline processes grammar files from pull requests or external contributors, implement grammar file review as a gating step.
- Pin grammar dependencies. Use specific versions of grammar dependencies rather than pulling from upstream on each build.
- Defense in depth. Treat generated code as untrusted until reviewed. Run static analysis on generated parser code before compilation.
- Monitor for the patch. The vendor has been notified — apply the patched ANTLR4 version as soon as it is released.
- Not a “drop everything” emergency. CVSS 7.3 with an indirect attack path means this is a measured response item, not an all-hands incident. Prioritise if your development pipeline accepts external grammar files.
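One way to implement the grammar review gate described above (the workaround under Fix and the CI gating step under Recommendations), added here as an example that is not code from the ANTLR project or from this advisory: it enumerates every target-language action block in a .g4 grammar (named actions such as @header or @parser::members, inline rule actions, and semantic predicates) so that a grammar from an external origin can be rejected or sent to review before the generator runs on it. Function names and the sample grammar are constructed for the example.

```python
import re
NAMED_ACTION = re.compile(r"@(?:(?:lexer|parser)::)?\w+$")   # @header, @parser::members, ...

def _skip_quoted(src, i, closer):   # index just past the quote or ']' closing src[i]; honours backslash escapes
    i += 1
    while i < len(src) and src[i] != closer:
        i += 2 if src[i] == "\\" else 1
    return i + 1

def _match_brace(src, i):   # index just past the '}' closing the '{' at src[i]; string literals inside are skipped
    depth = 0
    while i < len(src):
        if src[i] in "\"'":
            i = _skip_quoted(src, i, src[i]); continue
        depth += (src[i] == "{") - (src[i] == "}")
        i += 1
        if depth == 0: return i
    raise ValueError("unbalanced '{' in grammar")   # fail closed: do not run the generator

def find_action_blocks(grammar):
    """(line, kind, code) per action block; braces in comments, literals and [...] sets are ignored."""
    blocks, i, line = [], 0, 1
    while i < len(grammar):
        start, c, i = i, grammar[i], i + 1
        if grammar.startswith("//", start):          # line comment (find() == -1 maps to end of text)
            i = grammar.find("\n", start) % (len(grammar) + 1)
        elif grammar.startswith("/*", start):        # block comment
            end = grammar.find("*/", start + 2); i = len(grammar) if end < 0 else end + 2
        elif c in "'[":                              # string literal, lexer char set or [args] block
            i = _skip_quoted(grammar, start, "'" if c == "'" else "]")
        elif c == "{":
            i = _match_brace(grammar, start)
            m = NAMED_ACTION.search(grammar[:start].rstrip())
            kind = m.group(0) if m else "predicate" if grammar[i:i + 1] == "?" else "inline action"
            blocks.append((line, kind, grammar[start + 1:i - 1].strip()))
        line += grammar.count("\n", start, i)
    return blocks

def gate(grammar, allow_actions=False):   # CI gate: grammars from untrusted origins get allow_actions=False
    blocks = find_action_blocks(grammar)
    for line, kind, code in blocks:
        print(f"line {line}: {kind}: {code!r}")
    return allow_actions or not blocks

SAMPLE_GRAMMAR = """\
grammar Calc; @parser::members { int depth = 0; }   // constructed sample, not from the advisory
expr : term ('+' term)* { depth++; } ;
term : {depth < 10}? INT ;
WS   : [ \\t{}]+ -> skip ;   LIT : '{' ;   // neither brace is an action
"""
```

Comments inside an action body are not parsed, so a stray apostrophe there can unbalance the scan and raise; a pipeline should treat that exception as a gate failure rather than skip the file.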
References
- VulDB Entry for CVE-2026-13500
- Public Exploit Report
- ANTLR4 GitHub Repository
- ANTLR Official Website
Part of the Vulnerability Intelligence series on threat-modeling.com. Developer toolchain supply chain advisory. See the June 29, 2026 Vulnerability Intelligence Report for broader context. This is the final dedicated advisory of the June 2026 reporting period.
